The Privacy Act of 1974 was written to prevent exactly this: government employees using federal databases containing Social Security numbers, health records, and bank account information for unauthorized purposes. Department of Government Efficiency staffers did it for nearly a year. They copied records of 300 million Americans to unsecured servers, shared files with outside political groups, and coordinated with election-denial activists to match voter rolls against Social Security data.
The Trump administration has now admitted in court filings what a whistleblower alleged in August: DOGE employees violated internal policies, circumvented security protocols, and may have broken federal law. The full extent of the data compromise remains unknown. Federal courts have alternated between blocking and allowing DOGE access, and the case now turns on whether the Privacy Act's post-Watergate safeguards can constrain a White House that treats them as obstacles.
DOGE staffer signs agreement with unnamed political advocacy group to analyze state voter rolls—four days after restraining order.
Court Issues Temporary Restraining Order
Legal
Judge Hollander blocks DOGE access to SSA systems and orders deletion of personally identifiable data.
SAVE System Access Requested
Investigation
Moghaddassi requests DHS SAVE system access to check immigration status, calling it 'absolutely critical.'
Unauthorized Cloudflare Server Use Begins
Violation
DOGE team begins sharing SSA data through Cloudflare, an unapproved third-party server.
Encrypted File Sent to DHS
Violation
DOGE staffers send password-protected file containing ~1,000 individuals' personal data to DHS.
February 2025
Judge Blocks DOGE at Education and OPM
Legal
Maryland federal judge issues temporary restraining order preventing data sharing with DOGE at Education Department and OPM.
Lawsuit Filed Against DOGE Data Access
Legal
Democracy Forward sues on behalf of unions and retirees, alleging Privacy Act violations.
Dudek Appointed SSA Acting Commissioner
Personnel
Trump replaces Michelle King with Leland Dudek, who had been placed on leave for unauthorized DOGE communications.
January 2025
DOGE Established by Executive Order
Policy
Trump signs executive order creating the Department of Government Efficiency, reorganizing the U.S. Digital Service.
Historical Context
3 moments from history that rhyme with this story — and how they unfolded.
1 of 3
1971-1974
Nixon's Political Enemies Project (1971-1974)
The Nixon White House maintained an 'enemies list' of 600+ political opponents—journalists, activists, Democratic officials—and attempted to weaponize the IRS to audit and harass them. John Dean coordinated efforts to investigate 490 McGovern campaign staffers. IRS Commissioner Walters refused to comply.
Then
Nixon faced impeachment charges including allegations he 'endeavoured to cause income tax audits or other investigations to be initiated or conducted in a discriminatory manner.'
Now
Congress passed the Privacy Act of 1974 to prevent government abuse of personal data. In 1998, bipartisan legislation explicitly prohibited the President from requesting audits of specific taxpayers.
Why this matters now
The Privacy Act was written to prevent exactly what DOGE staffers allegedly did: using government databases for political purposes. The DOGE controversy tests whether those post-Watergate safeguards remain enforceable.
2 of 3
2014-2015
OPM Data Breach (2014-2015)
Chinese state-sponsored hackers breached the Office of Personnel Management, exposing personal data of 21.5 million federal employees and security clearance applicants—including Social Security numbers, addresses, fingerprints, and background-check details. OPM Director Katherine Archuleta admitted SSNs weren't encrypted due to 'antiquated systems.'
Then
Archuleta and OPM's CIO resigned. A Chinese national was later arrested and deported for providing malware used in the breach.
Now
Class-action lawsuits resulted in $63 million settlement in 2022. The breach established that data exposure creates 'actual damages' under the Privacy Act, even without proven identity theft.
Why this matters now
The OPM breach showed what happens when 20+ million federal records are exposed. DOGE's alleged copying of 300+ million Americans' data to unsecured servers represents a potentially larger exposure, this time from inside the government.
3 of 3
2022-2024
2000 Mules Retraction (2022-2024)
Documentary filmmaker Dinesh D'Souza released '2000 Mules,' claiming cell phone geolocation data proved widespread ballot fraud in 2020. True the Vote supplied the underlying data. The film accused a Georgia man of being a 'mule' who illegally delivered ballots.
Then
Salem Media Group pulled the film from distribution. D'Souza publicly apologized to the Georgia man for 'the distress the allegations have caused.'
Now
The retraction demonstrated that data-matching between voter rolls and other databases produces false positives that harm innocent people. No prosecutions resulted from the film's allegations.
Why this matters now
True the Vote—the group that supplied '2000 Mules' data—publicly appealed to DOGE for voter roll access. Court filings suggest DOGE staffers signed a 'Voter Data Agreement' with an advocacy group seeking to 'overturn election results.'
